Freedom of Information Act vs Homeland Security 36
psyki writes "Should vulnerabilities in our public infrastructure be handled like vulnerabilities in computer security? Wired has an interesting article about the state of the Freedom of Information Act, particularly how it is becoming increasingly difficult to obtain documents from reluctant agencies in the security-conscious post-Sept 11 era. What really made me think, however, was this line: "While keeping information about security vulnerabilities out of terrorists' hands is a legitimate goal, McMasters believes the government is taking secrecy a step too far. In the end, he said, communities would be safer and better able to plan for their own protection if they were aware of potential security holes in power plants, airport terminals or other facilities." Sounds an awful lot like the raging debate in the computer security community regarding publicizing vulnerabilities."
So you know of a security hole in the power system (Score:1)
Re:So you know of a security hole in the power sys (Score:4, Insightful)
Demand that the government FIXES it rather than just relying on security through obscurity. . .
The U.S. Government seems intent on the idea that if they HIDE the security flaws that those flaws will not be exploited by terrorists. (and of course as a bonus side effect they don't have to hear the public keep on bitching about those security holes either!)
Well first off, it is fairly hard to stop people from WALKING THROUGH public places. Second off, copies of plans still exist in archives that unscrupulous individuals (a category which terrorists definitely fall into) are more than willing to find ways to gain access to.
So does hiding the security flaws make any difference? No, shit will still get blown up. The only difference is that the people won't get to realize how much danger they are in and thus will not be able to force their legislators to FIX those problems before those problems ARE exploited.
Democracy relies on the principle of a populace educated on issues pertinent to society. Kind of hard to have an EDUCATED populace when the government keeps on taking away the relevant data!
Re:Two points (Score:3, Interesting)
Re:Two points (Score:1)
Re:Two points (Score:3, Insightful)
By trying to protect my liberties I do no such thing.
I would rather live in a free United States, than a Soviet United States with an Orwellian style government, even if the latter is more secure, because the former is worth dying for. If the latter is something you are interested in, go move to Communist China where everything and anything about you and what you do is able to be watched and controlled by the government, and you h
Re:Two points (Score:2)
-- Benjamin Franklin, one of our founding fathers
Re:Two points (Score:2, Insightful)
Re:Two points (Score:3, Insightful)
"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
I would certainly place government transparency under the essential liberty, as too much will happen if it's covered up.
Re:Two points (Score:1, Insightful)
The right path lies in the middle, but full transparency of the government is most definitely not an essential liberty.
Re:Two points (Score:2)
But let's see:
Hiding info that was previously public...
Permitting holding of prisoners without trial...
Warrantless searches...
How do those in any way increase security? Why are they worth the diminishing of any rights? How is anything they gain more than temporary, if anything at all is achieved?
Re:Two points (Score:2)
While a good guideline, Franklin's phrase breaks down when there is more than one liberty in play. It's easy to say that you're not willing to sacrifice the `right' to know how to break into your local nuclear plant and make it go critical, but there's a counterpoint, too:
See, if terrorists break into that plant and make it go critical, thus killing you, you've lost liberty too -- you don't see any dead people practicing the right to free speech, free press, or any of the other essential rights, do you
Re:Two points (Score:5, Interesting)
Fortunately, while we know of no single right answer to that dilemma, we do know of several that are wrong. And blindly repeating that old saw is one of the wrong ones.
For the fallacy inherent in that oft-quoted aphorism* is that though there can be security without liberty-- totalitarian dictatorships are notably secure-- there can be no liberty without security.
But if you want to take, for sake of argument, the quote attributed to Franklin at face value, at least get it right. "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." We're not talking about a little temporary safety. We're talking about permanent security on a grand scale, directly affecting hundreds of millions of people.
It is wise to be cognizant of your liberties and to defend them when they are challenged. But it is the acme of foolishness to deny that we must sometimes give up a little temporary liberty to obtain essential safety.
--
* In point of fact, it appears that Benjamin Franklin never wrote nor said it. The line appears in the 1759 Historical Review of Pennsylvania, a work which was published anonymously. The work has been attributed to Franklin, but there seems to be no evidence that it was actually his work.
Re:Two points (Score:2)
I was looking for evidence about that quote NOT actually being a Ben Franklin quote and couldn't find any sites (quick search). Do you happen to have any? It'd be really nice to be able to point out contextual errors when people start spouting off with that quote.
I personally don't like the quote because it's so ambiguous that any zealot can use it to back up his point of view. What exactly IS an 'essential liberty'? I'm relatively certain that the founding fathers had a very di
Re:Two points (Score:2)
"First, michael put a "IN SOVIET RUSSIA" joke in the byline. Though it's completely nonsensical, since you most assuredly did not get much information from the government in Soviet Russia."
Actually it's bitterly ironic since the whole "In Soviet Russia..." thing is about things there being the opposite of things here, and things here are tending towards "In the U.S. government gets plenty of information from and about you but you ge
I'm not so sure... (Score:4, Insightful)
But we're not just talking about software here. And there is no question that when an exploit is published that some individuals will take advantage of it. Publishing exploitable details could very well allow a single exploit, which IMHO is one too many.
Re:I'm not so sure... (Score:3, Informative)
Ahhg, I hate these complex ethical questions. In dealing with physical structures, we have to remember that you can't just issue a patch for a bridge or a tunnel. Budgetary, engineering, or other concerns might well prevent you from repairing a flaw even if it's out there. Plus, of course, physical structures are not likely to
Re:I'm not so sure... (Score:1)
The thing is, while it is ultimately better for the greater security that the public knows of these security holes so they can demand they are fixed, there is an element of bureaucracy that slows or halts the correction of flaws.
In the computer world this is also clearly possible, but it seems that Open Source Software projects typically transcend sophomoric bickering to quickly address security issues and correct them.
In the government world... while I'd love to believe that
there's a difference (Score:5, Insightful)
The difference is that FOIA covers the government while the debate about security vulnerabilities is in the private sector.
The analogy is a good one but let's not confuse private industry's interest in profit with our interest in an open government.
The argument can be made that Microsoft is so vital that it has to be as equally transparent as the government is (supposed to be). But, as influential and omnipotent as Microsoft is, it isn't government, it is owned by Bill Gates and stockholders, not a voting public.
Re:there's a difference (Score:1)
The difference is that open source software can be fixed by whoever knows that there is a problem. Making this information more widespread supposedly helps fix the problem faster.
In closed source software it has often been the case that threatening to go public with the information aids in getting the fix out faster. Once the fix is created, spreading the news as
Re:there's a difference (Score:1, Interesting)
"If someone publishes that there is a security breach that allows terrorists to obtain nuclear weapons from the U.S. government, there is very little likelihood that letting YOU know about it will help the problem be fixed faster"
Yet if they didn't publish it there would be NO chance of you working to fix the problem and the terrorists would get their nukes and use them without you even knowing how they managed to blow up your city.
If the problem is the corruption of the gover
Ahem (Score:2)
Re:Ahem (Score:2)
Civil liberties are merely natural rights codified into law. If it is suicide to possess these rights/liberties written into law as civil liberties, it would be just as much suicide to possess them as uncoded natural rights.
I'm sure I'm going somewhere with this, but I have to run, got errands that must be done this morning.... I'll think about it during the day. Or, maybe this can at least serve as a start to someon
Re:Ahem (Score:1)
The Constitution and Bill of Rights are such fundamental underpinnings of our (our? cue bitching about US-centric views here) country and society, that to surrender them in the name of security would be a sort of societal suicide. If keeping them did mean death, literally or figuratively, I'd rather die standing... Patrick Henry's line springs to mind.
Re:Ahem (Score:2)
Just for sake of argument, let's say today we have 90% liberty and 50% security. Of course, these things can't be quantified, but this is just to make the point. We're not talking about going to 0% liberty and 100% security; we're tal
Re:Ahem (Score:1)
Correct me if I'm wrong, but I think the Colorado river took more than a day to carve the Grand Canyon. Erosion is a slow, but steady process. 2% today, 1% tomorrow, hey, another 2% Friday will gain us another 3% safety.
What you have to keep in mind is that one variable is not strictly dependent on the other. What should be done, to use your quantifications, is set the slider for freedom at 98% (only 98%? there has to be some restrictions, "no stealing my car
Irresponsible (Score:2)
You say "suicide pact" without offering any meaning or definition. That's every bit as fear-mongering and irresponsible as the current U.S. govt's actions have been of late.
Is it suicidal to want to know that the government is doing its job? Is an opaque government to be trusted? Will elected and appointed officials perform their duty to protect us? What if they slack off? Will we know before it's too late?
It's called accountability. Our safety is dependent upon it.
Unaccountability is
Re:Irresponsible (Score:2)
Suicide pact: an agreement made among two or more parties that will result in the death of all involved. Seemed to me that the meaning would be obvious.
Is it suicidal to want to know that the government is doing its job?
It might be. For example, let's say the government has established a network of civil defense shelters and whatnot to help save lives in the event of a large-scale chemical attack on our cities. Some wise guy invokes the
Re:Irresponsible (Score:2)
FOIA is all that stands between opacity and accountability, in many departments of the US govt. Ashcroft began nailing the coffin lid shut on FOIA around the same time he nightmared up PATRIOT. Ashcroft has an unbroken record for refusing Congressional information requests about PATRIOT's implementation details.
If we had an accountable government
Keep things in perspective (Score:4, Insightful)
This is a response to several posts made here.
I've seen several posts so far that deal primarily with terrorists causing nuclear plants to meltdown, but really that's an extreme point of the kind of information that is being held back. One poster said, basically, that a dead man doesn't have any civil liberties, and that's certainly true and there are some things that the government should keep secret, like the locations of military weapons depots and our own nuclear arsenal. But the article isn't about just nuclear plants and military weapons. It's about all sorts of ways that communities could make themselves safer. Maybe folks could brainstorm some things that the government should be telling us, and then we can get off this extremist example.
To refer to another post, somebody asked if "you would pour the concrete yourself," presumably in reference to making some sort of architectural structure safer in the event of a terrorist attack. There are a lot of people out there who know how to pour concrete, and I would bet quite a few of them would be willing to provide their knowledge and experience to help make their communities safer.
Finally, a lot of words have been given to the comparison of community security issues to open vs. closed software. Well, I have to say that it's simply not true that secrecy is the best policy because, as any Thursday-night sitcom can tell you, no matter how "secret" you keep something, it's going to be found out sooner or later. Last year sometime I remember hearing a report on NPR about how the government was trying to get libraries to remove from circulation CDs that contained information about reservoirs and water supply sheds, etc., because this information could be used to make a terrorist attack. But the problem with this, besides the fact that the information is already "out there" (you can't close Pandora's box, at least not effectively), is that terrorists obviously do their research, and they're gonna find the reservoirs they want anyway. Heck, all they need to do is read Stephen King's "Dreamcatcher" to take care of greater Boston...perhaps we should ban that! But it's not just about terrorist attacks. People should have the right to know where the water they drink comes from. Sure, a lot of people will do nothing with the information, but should the day come that they need it, god forbid the info isn't there!
Essentially, I do believe that some things should be kept secret, but not many things. Plans for WMDs? Certainly! The structural integrity of the bridge I drive over every day to go to work? Certainly not!
Pro/Con (Score:2)
It can be logically argued about exactly where the point of balance should be between full information disclosure about public vulnerabilities and total secrecy.
Like many, I believe that the optimum lies between the two extremes. And I think every situation is different in terms of the trade-offs between the value of public disclosure in warning the public, getting them to take the threat seriously, and the flip sides of inducing needless panic, giving saboteurs a helpful roadmap, etc.
The key issue in my